Business world gets a new way to monitor employee text messages

Service will let consumers—and employers—store text messages in the cloud.

A startup called Uppidy has unveiled a service that backs up SMS services to the cloud, making it easier for individuals, parents, or even your employer to read your text messages.

Uppidy was founded by entrepreneur Joshua Konowe, who came up with the idea after dropping his cell phone in the toilet and going through a difficult process to retrieve his text messages from AT&T. The small startup in Washington, DC launched almost a year ago with a free service for consumers. In the past few weeks, the company started selling to the corporate world.

So far, a few unnamed businesses are testing Uppidy on corporate phones, Konowe told Ars. One customer is backing up and monitoring text messages from 500 phones, and another is doing so on 200. Konowe said he was initially just going to sell to consumers (including parents who want to monitor their kids’ messaging), but interest from corporations led him to develop a business-focused service as well.

“We don't have a gazillion users,” he said. But “we have a lot of inquiries from Fortune 100-sized companies who are very interested in this.”

Before you scream "privacy violation!" we'll point out that this is likely confined to devices that are owned and paid for by employers. Uppidy can be installed on employee-owned phones, but it does require some user-initiated actions. With Android and BlackBerry, users must download an app to their phone from the Android and BlackBerry application stores, respectively. Using Uppidy with an iPhone requires a desktop application and a wired connection to iTunes.

Konowe said he couldn’t get an app onto the iPhone App Store because of Apple’s restrictions on building tools on top of the phone's SMS service. That means iPhone users’ messages aren’t uploaded to Uppidy automatically, but syncing with iTunes on your desktop updates the Uppidy database, which is stored (in encrypted form) in the Amazon Elastic Compute Cloud.

Konowe said potential customers in regulated industries have told him they shut off text messaging on company phones because they can't track and store messages the way they can with e-mail. Keeping records is important for e-discovery purposes, as companies are often required to turn over electronic communications as part of legal proceedings.

Uppidy's public-facing site is very consumer-oriented at the moment, complete with the option to sign in using your Facebook account. The business-focused service isn't fully baked yet, but Konowe said his team is creating a way to separate personal texts from business texts so companies can just track the business-focused ones, although this requires manual effort on the part of users to separate contacts into personal and work buckets. Uppidy is also working with mobile device management vendors to get its text tracking service integrated into the types of IT management tools that handle provisioning of mobile services to employees and enforcement of policies.

Uppidy is building its services with venture capital funding, and will try to make revenue by upselling consumers to premium services, running ads, and charging business customers fees around $5,000 or up to $1 per device per month. Eventually, Konowe says he wants Uppidy to archive messages from IM services, Gchat, Skype, Facebook, Twitter, and so forth.

For people who want an easy way to archive personal communications, Uppidy is worth looking into. For employees who are (rightfully) worried that employers might use something like this to keep tabs on them, remember that it's best to keep all personal communications on personal devices. As Konowe says, when you're using company property, you have to act like it. In fact, Uppidy isn't even the first to offer text message archiving to businesses—companies like Smarsh and Sonian are already in the market.

"I would argue that if it's a corporate-sponsored device, and the user doesn't expect the company to be looking at everything on the device, they're crazy," Konowe said.

Promoted Comments

Konowe said potential customers in regulated industries have told him they shut off text messaging on company phones because they can't track and store messages the way they can with e-mail. Keeping records is important for e-discovery purposes, as companies are often required to turn over electronic communications as part of legal proceedings.

Thank you! I cant tell you how many times we've had idiots with company issued blackberries that are conducting business over SMS. Countless time we've had to go through painfull processes with carriers to capture SMS messages for e-discovery/litigtion/hold notices. And I usually have to be the guy that tells the user 'yes even your personal messages to your wife are now going to be forever stored'.

Maybe just the idea that we can and do capture and store our users SMS data will at least ebb the amount of my user base that likes to overuse/misuse SMS for conducting business.

"Konowe said his team is creating a way to separate personal texts from business texts so companies can just track the business-focused ones, although this requires manual effort on the part of users to separate contacts into personal and work buckets."-vs-' "I would argue that if it's a corporate-sponsored device, and the user doesn't expect the company to be looking at everything on the device, they're crazy," Konowe said.'

Interesting... they think you're crazy to do it, but they'll support you trying to keep private your personal sms on the business device.

SMS Backup + is a free app that will backup your SMS/MSS to your gmail account.

As to the tone of the article, it's not so much that your employer *wants* to record your SMS messages (generally) it's that they are *required* to by law. In many industries including many parts of the financial industry all communications between employees and third parties must be logged and kept for a certain period of time. Heck it's probably required for most government positions under open records laws.

I remember when I used aol and I'd have to shift through my emails to delete the excess. With gmail, I can't remember the last time I deleted a non-spam email because the value in searching old mail so clearly supersedes data excess or privacy concerns. And sure this app could mean yet another privacy encroachment, but it could also mean greater capability for information organization, which is always an essential tool for moving to more advanced technologies and methodologies.

Konowe said potential customers in regulated industries have told him they shut off text messaging on company phones because they can't track and store messages the way they can with e-mail. Keeping records is important for e-discovery purposes, as companies are often required to turn over electronic communications as part of legal proceedings.

Thank you! I cant tell you how many times we've had idiots with company issued blackberries that are conducting business over SMS. Countless time we've had to go through painfull processes with carriers to capture SMS messages for e-discovery/litigtion/hold notices. And I usually have to be the guy that tells the user 'yes even your personal messages to your wife are now going to be forever stored'.

Maybe just the idea that we can and do capture and store our users SMS data will at least ebb the amount of my user base that likes to overuse/misuse SMS for conducting business.

Thank you! I cant tell you how many times we've had idiots with company issued blackberries that are conducting business over SMS. Countless time we've had to go through painful processes with carriers to capture SMS messages for e-discovery/litigtion/hold notices. And I usually have to be the guy that tells the user 'yes even your personal messages to your wife are now going to be forever stored'.

You are correct! As you know, in some regulated industries any electronic communication needs to be stored. It isn't that these businesses WANT to look at the texts, it is that they **must** store them by law. Where I worked, we just disabled SMS since we didn't have a good way to store it for 20K users.

The corporate lawyers were the worst offenders; constantly sending sensitive, proprietary data over unencrypted channels - C - O - N - S - T - A - N - T - L - Y. Even after explaining how to use email on their blackberries for internal communications (we ran multiple BES), they'd still used SMS. Sadly, IT didn't have the political power to get SMS disabled for the legal department. I suspect most legal departments have the same issue.

Using cloud services in a different jurisdiction is a larger threat to companies than SMS. The world is beginning to understand those risks as well.

You are correct! As you know, in some regulated industries any electronic communication needs to be stored. It isn't that these businesses WANT to look at the texts, it is that they **must** store them by law. Where I worked, we just disabled SMS since we didn't have a good way to store it for 20K users.

The corporate lawyers were the worst offenders; constantly sending sensitive, proprietary data over unencrypted channels - C - O - N - S - T - A - N - T - L - Y. Even after explaining how to use email on their blackberries for internal communications (we ran multiple BES), they'd still used SMS. Sadly, IT didn't have the political power to get SMS disabled for the legal department. I suspect most legal departments have the same issue.

Using cloud services in a different jurisdiction is a larger threat to companies than SMS. The world is beginning to understand those risks as well.

Same situation here, IT lacks the power to disable SMS for the whole business. And I wholly agree with you on the cloud services; color me a skeptic on email in the cloud. We have wholly moved email to the cloud recently and it remains to be seen how this will work if we have to go through a hold notice for a patent case; or God forbid a criminal case. The cloud provider waved alot of smoke and mirrors during that question and never really nailed it down solid for my liking. But the choice was made with the statement 'above my pay grade'.

What parents want & need is not only the ability to store their child's text and text pictures, but a way to get reporting on the data their kids are using (e.g. going to websites, downloading apps, facetime). Also, an alert service would be nice - something to alert parents when their child goes to a flagged site or sent a photo text. Does anyone know of any service like this?

I find it ironic that you choose an image for the one class of phone this service can't natively support.

Sounds like it sort of support it.

Quote:

but syncing with iTunes on your desktop updates the Uppidy database, which is stored (in encrypted form) in the Amazon Elastic Compute Cloud.

No it doesn't - beacuse if I have to connect back to my desktop to push it thru itunes - then up to the cloud - I might as well just run a backup locally and be done with it. I wouldn't need his software to do this.

This is why I don't have a company phone. Once we got our Exchange upgrade to 2010 (from 2003) so we could support nearly any phone out there, we started rolling iPhones to certain users. I had iPhone envy, but wanted my own, not subject to company rules. I bought my own iPhone and have been allowed to use it for corp email. If they every put restrictions, I'll simply remove the connection to corp email.

What parents want & need is not only the ability to store their child's text and text pictures, but a way to get reporting on the data their kids are using (e.g. going to websites, downloading apps, facetime). Also, an alert service would be nice - something to alert parents when their child goes to a flagged site or sent a photo text. Does anyone know of any service like this?

Why do you need that much remote control over your children? Why can't you just ask them about their online usage and talk to them about healthy/safe browsing and connecting?

And hereby stand an old rule of mine learned long ago: If you think it's a bad idea to do it, it most likely is, or at the least can be called into question. Don't do it on the company clock, or equipment, especially if you want privacy. This is not that hard to figure out, but unfortunately, a lot of people just carry on as usual then look surprised when they get perm term'd for doing stupid shit at work/on work related machinery & devices.

In an age of Internet social media like Facebook, Twitter and LinkedIn that store everything on their servers and the ubiquitousness of email, I see no reason why a paper trail of SMS and MMS needs to backed up to a local device, let alone the Internet.

The employer may own the cell phones, but the the suggestion that this gives them the right to read their employees' messages is ridiculous. The employer also owns the land line in the employee's office. Does this give the employer the right to tap the employee's office phone? I certainly hope not! What comes next—surveillance cameras in the bathroom stalls to make sure that employees aren't snorting cocaine on their bathroom breaks? People who think employers have the right to keep their employees under constant surveillance should at least give the rest of us fair warning by wearing their Nazi I signals in public!

The employer may own the cell phones, but the the suggestion that this gives them the right to read their employees' messages is ridiculous. The employer also owns the land line in the employee's office. Does this give the employer the right to tap the employee's office phone? I certainly hope not! What comes next—surveillance cameras in the bathroom stalls to make sure that employees aren't snorting cocaine on their bathroom breaks? People who think employers have the right to keep their employees under constant surveillance should at least give the rest of us fair warning by wearing their Nazi I signals in public!

Not sure what companies you're working at, but every company I've worked for had me sign a piece of paper stating they have the right to rifle through anything on the electronic devices they give me. Email, personal docs I happen to save on my work comp, etc.

Of course, this sort of backfired when the IT folks asked everyone who logged in sometimes from remote computers (IE: their own personal computer at home) to install a little key file that would let the network know it was us and not just some schmoe that got our login. Folks at the office were looking at each other skeptically like "we already know you can go through our work comps if you want. now you want us to install god-knows-what onto our personal comps? Um...." We were wondering if they were overstepping their bounds until some of us dug into the file they gave us and realized it was just a key file. IE: I fully expect them to monitor or log what I'm doing over the remote connection, but not everythihng else that's going on on my personal comp while I'm remote connecting. I could have porn going in one window, and the remote connection going in another. It's my own personal computer, so what goes on in the remote connection is obviously their business, but what goes on between Candy and Jade is my business. Now, if I was dumb enough to open the web browser inside the remote connection session and start surfing for porn, obviously it's then the company's business.

The bottomline is ... if you think what you're doing is personal, don't do it on company property (computers, phones, etc). You just never know when you're gonna get called into the HR office for surfing that "girls on goats" web-site on your company lappy you took home one night.

I hear what you're saying. It makes me happy that I am retired now because the kinds of liberties that employers are taking nowadays were unheard of when I was working in the high-tech sector. Personally, I would never work in such a repressive atmosphere, but to each his own.

I hear what you're saying. It makes me happy that I am retired now because the kinds of liberties that employers are taking nowadays were unheard of when I was working in the high-tech sector. Personally, I would never work in such a repressive atmosphere, but to each his own.

I find it ironic that you choose an image for the one class of phone this service can't natively support.

Sounds like it sort of support it.

Quote:

but syncing with iTunes on your desktop updates the Uppidy database, which is stored (in encrypted form) in the Amazon Elastic Compute Cloud.

Hence the term "natively."

The apple app sounds like a hack that employees could easily circumvent.

Like not syncing with iTune?

Not likely. Even most small business control their mobile devices with an MDM server. Removing the app or not reporting a synch would set off a flag. There are a few ways that they could enforce this. Although it could be circumvented, it would alert them.

I hear what you're saying. It makes me happy that I am retired now because the kinds of liberties that employers are taking nowadays were unheard of when I was working in the high-tech sector. Personally, I would never work in such a repressive atmosphere, but to each his own.

Blame the massive amounts of abuse (sexual harassment, discrimination, repercussions for unionizing, blah blah) that employees are subject to now that employers feel a sense of entitlement due to their "job creator" status and a horrible economy and rampant unemployment.TFTFY